Sharing a quantum key via the possibility of communication

A new paper in Physical Review Letters shows that it is possible to create a …

Quantum key distribution is something of a white knight in shining armor at the moment. Press releases tend to breathlessly announce how the process is absolutely secure thanks to the laws of physics and, because of that, your money is safe. But quantum key distribution is not absolutely secure, and a few different attack methodologies have been described.

Following on from the physics hit "Counterfactual quantum computation," a researcher has recently published a paper in Physical Review Letters on counterfactual quantum key distribution. In this protocol, the mere possibility that a photon might travel between a sending and receiving station is sufficient to come up with a secret key.

Building a quantum key

Quantum key distribution basically relies on three sources of randomness to generate a string of bits that is shared between sending and receiving stations. At the heart of most protocols lies a device that emits pairs of photons that are entangled. In this case, entangled means that their polarization (the orientation of the electric field of the photon) is correlated: measuring that property on one photon will set or unset the value of the other photon. One photon is sent to the receiving station (called Bob), while the other is kept locally at the sending station, called Alice.

Measurements of the polarization are then used to set bit values to one or zero. Quantum mechanics forbids us from asking questions like, "what polarization do you have Mr Photon?" Instead, we have to play a strange version of 20 questions: "Are you polarized in the vertical or horizontal direction?" Asking the question then changes the results of future measurements.

In this case, we have two people, each of whom are going to make a polarization measurement, but they aren't necessarily going to ask the same question. One might ask, "Are you vertical or horizontal?" While the other might ask, "Are you at 45 or 135 degrees?"

How is this important? In our quantum key distribution system, we can set vertical and 45 degrees to be binary one; horizontal or 135 degrees can be binary zero. If the Alice and Bob both choose to make the same measurement—"Are you vertical or horizontal?"—they will necessarily get different answers because the photons are entangled. However, if they ask different questions, sometimes they will get the same answer and sometimes they won't.

After repeating this multiple times, Alice and Bob both have two strings of random numbers. One is the values that they measured, and the second is the string of questions that they asked.

To get a common key, the two stations send their string of questions to each other. By keeping only the bits from the cases where they asked the same question, the two stations can create a common key. Since nobody else knows the values they measured, the key is secure. Furthermore, if someone attempts to intercept the quantum part of the signal, Alice and Bob will find that the error rate in the key generation process goes up. This is because any eavesdropper, called Eve, changes the photon when detecting its passage, and therefore destroys the entanglement—or at best modifies its statistics.

The vulnerability in these types of systems—there are many modifications to the protocol I have outlined above—is that there is a photon that can be intercepted. As a result, there is always the possibility of developing an attack based on the transit of that photon. But what if the photon never needs to be sent?

Reading unsent messages

This is what Tae-Gon Noh of the Electronics and Telecommunications Research Institute in Korea has considered in his latest research. The idea is that Alice has a light source that emits only a single photon at a time. These photons are passed through a beamsplitter. The photons that go one way never leave Alice's instrument, but simply get sent bounced off a mirror and returned to the beam splitter. At the beamsplitter, the photons can hit one of two detectors, both of which reveal the polarization of the photon. The difference is that the choice of which detector clicks depends on choices made by both Alice and Bob.

The photons that do leave the station make the journey to Bob, where they are sorted by polarization. The horizontally polarized photons pass through a switch, bounce off a mirror, and are returned to Alice. The vertically polarized photons are delayed, then pass through the switch, bounce off a mirror and return to Alice. However, Bob can use the the switch to selectively destroy either vertically or horizontally polarized photons by sending them to a photodetector.

Bob randomly assigns bit value one to a particular polarization and then sets his detector to detect that particular polarization. Likewise Alice randomly assigns a binary one to a particular polarization. If Alice and Bob choose differently, then the path between them remains open, and the single photon interferes with itself at the beamsplitter, with the result that a particular detector in Alice's instrument always clicks.

However, if their choices are the same, then the photon might set off any one of three detectors—Bob's, or either of Alice's. Consider: if Alice sends a photon, but gets no click, she knows for certain that the photon went to Bob. Bob also knows this, because his detector clicked. If either of Alice's detectors click, then no one know if the photon passed through to Bob or not.

However, Bob has set his instrument to destroy photons with a particular polarization, so if one of Alice's detector clicks and the polarization measurement on the photon reveals that it would have been destroyed if it had gone to Bob, then Bob knows that the photon never left Alice's station.

To generate a key, the following steps are taken: first, the "which detector clicked" information is made public. Second, if there's a click in Bob's detector or the one that is triggered when the two made different choices, then the polarization choices are also broadcast. This allows Alice and Bob to compare the results of measurements and polarization choices to ensure that evil Eve is not around.

Finally, when Alice's second detector clicks, this is announced, and, if the measured polarization is the one expected, nothing further is done. Otherwise the results of that measurement are announced as well. The key is chosen from those events where Alice simply notes that the detector clicked and nothing else. This only occurs when the photon never actually leaves the sending station, but that depends on random choices made by both Alice and Bob and the probability of the single photon taking either path. It's possible to construct a key from the random values, while it's clearly impossible for anyone to intercept the photon.

An important facet of this protocol is that a lot of information is recorded but not used in the generation of the key. However, Eve, if she's listening on the quantum part of the channel, would influence the statistics of all of these events in addition to those used to generate the key. This makes the protocol quite sensitive to her presence.

What this doesn't help with, of course, are the two most likely points of attack: Alice and Bob's inherent gullibilities—after all, they have worked for physicists for free for years, they are certainly open to other forms of exploitation. A full man-in-the-middle attack where Eve imitates both Alice and Bob, convincing both to create a separate key with her and pass all correspondence through her, should also be possible.

Latest Ars Video >

The Greatest Leap, Episode 3: Triumph

In honor of the 50th anniversary of the beginning of the Apollo Program, Ars Technica brings you an in depth look at the Apollo missions through the eyes of the participants.

The Greatest Leap, Episode 3: Triumph

The Greatest Leap, Episode 3: Triumph

In honor of the 50th anniversary of the beginning of the Apollo Program, Ars Technica brings you an in depth look at the Apollo missions through the eyes of the participants.

Chris Lee
Chris writes for Ars Technica's science section. A physicist by day and science writer by night, he specializes in quantum physics and optics. He Lives and works in Eindhoven, the Netherlands. Emailchris.lee@arstechnica.com//Twitter@exMamaku